1 files changed, 17 insertions, 21 deletions
diff --git a/src/lib/libcrypto/man/CMS_verify.3 b/src/lib/libcrypto/man/CMS_verify.3
index 5b17a75ca0..ae489933de 100644
--- a/src/lib/libcrypto/man/CMS_verify.3
+++ b/src/lib/libcrypto/man/CMS_verify.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_verify.3,v 1.4 2019/08/11 12:46:38 schwarze Exp $
+.\" $OpenBSD: CMS_verify.3,v 1.5 2019/08/18 12:06:51 schwarze Exp $
 .\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 11 2019 $
+.Dd $Mdocdate: August 18 2019 $
 .Dt CMS_VERIFY 3
 .Os
 .Sh NAME
@@ -72,11 +72,10 @@
 .Fc
 .Sh DESCRIPTION
 .Fn CMS_verify
-verifies a CMS SignedData structure.
+verifies the CMS
-.Fa cms
+.Vt SignedData
-is the
+structure
-.Vt CMS_ContentInfo
+.Fa cms .
-structure to verify.
 .Fa certs
 is a set of certificates in which to search for the signing
 certificate(s).
@@ -90,10 +89,6 @@ The content is written to
 if it is not
 .Dv NULL .
 .Pp
-.Fa flags
-is an optional set of flags, which can be used to modify the verify
-operation.
-.Pp
 .Fn CMS_get0_signers
 retrieves the signing certificate(s) from
 .Fa cms .
@@ -105,11 +100,8 @@ Normally the verify process proceeds as follows.
 .Pp
 Initially some sanity checks are performed on
 .Fa cms .
-The type of
+There must be at least one signature on the data.
-.Fa cms
+If the content is detached,
-must be SignedData.
-There must be at least one signature on the data and if the content is
-detached;
 .Fa indata
 cannot be
 .Dv NULL .
@@ -126,7 +118,8 @@ If any signing certificate cannot be located, the operation fails.
 .Pp
 Each signing certificate is chain verified using the
 .Sy smimesign
-purpose and the supplied trusted certificate store.
+purpose and the supplied trusted certificate
+.Fa store .
 Any internal certificates in the message are used as untrusted CAs.
 If CRL checking is enabled in
 .Fa store ,
@@ -142,9 +135,9 @@ and the signature is checked.
 .Pp
 If all signatures verify correctly, then the function is successful.
 .Pp
-Any of the following flags (OR'ed together) can be passed in the
+Any of the following
 .Fa flags
-parameter to change the default verify behaviour:
+(OR'ed together) can be passed to change the default verify behaviour:
 .Bl -tag -width Ds
 .It Dv CMS_NOINTERN
 Do not use the certificates in the message itself when
@@ -156,7 +149,7 @@ parameter.
 If CRL checking is enabled in
 .Fa store ,
 then any CRLs in the message itself are ignored.
-It Dv CMS_TEXT
+.It Dv CMS_TEXT
 MIME headers for type text/plain are deleted from the content.
 If the content is not of type text/plain, an error is returned.
 .It Dv CMS_NO_SIGNER_CERT_VERIFY
@@ -199,7 +192,7 @@ However since the signing time is supplied by the signer it cannot be
 trusted without additional evidence (such as a trusted timestamp).
 .Sh RETURN VALUES
 .Fn CMS_verify
-returns 1 for a successful verification or zero if an error occurred.
+returns 1 for a successful verification or 0 if an error occurred.
 .Pp
 .Fn CMS_get0_signers
 returns all signers or
@@ -210,6 +203,9 @@ The error can be obtained from
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
 .Xr CMS_sign 3
+.Sh STANDARDS
+RFC 5652: Cryptographic Message Syntax (CMS),
+section 5.1: SignedData Type
 .Sh HISTORY
 These functions first appeared in OpenSSL 0.9.8h
 and have been available since

diff --git a/src/lib/libcrypto/man/CMS_verify.3 b/src/lib/libcrypto/man/CMS_verify.3 index 5b17a75ca0..ae489933de 100644 --- a/src/lib/libcrypto/man/CMS_verify.3 +++ b/src/lib/libcrypto/man/CMS_verify.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: CMS_verify.3,v 1.4 2019/08/11 12:46:38 schwarze Exp $	1	.\" $OpenBSD: CMS_verify.3,v 1.5 2019/08/18 12:06:51 schwarze Exp $
2	.\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200	2	.\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: August 11 2019 $	51	.Dd $Mdocdate: August 18 2019 $
52	.Dt CMS_VERIFY 3	52	.Dt CMS_VERIFY 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -72,11 +72,10 @@
72	.Fc	72	.Fc
73	.Sh DESCRIPTION	73	.Sh DESCRIPTION
74	.Fn CMS_verify	74	.Fn CMS_verify
75	verifies a CMS SignedData structure.	75	verifies the CMS
76	.Fa cms	76	.Vt SignedData
77	is the	77	structure
78	.Vt CMS_ContentInfo	78	.Fa cms .
79	structure to verify.
80	.Fa certs	79	.Fa certs
81	is a set of certificates in which to search for the signing	80	is a set of certificates in which to search for the signing
82	certificate(s).	81	certificate(s).
@@ -90,10 +89,6 @@ The content is written to
90	if it is not	89	if it is not
91	.Dv NULL .	90	.Dv NULL .
92	.Pp	91	.Pp
93	.Fa flags
94	is an optional set of flags, which can be used to modify the verify
95	operation.
96	.Pp
97	.Fn CMS_get0_signers	92	.Fn CMS_get0_signers
98	retrieves the signing certificate(s) from	93	retrieves the signing certificate(s) from
99	.Fa cms .	94	.Fa cms .
@@ -105,11 +100,8 @@ Normally the verify process proceeds as follows.
105	.Pp	100	.Pp
106	Initially some sanity checks are performed on	101	Initially some sanity checks are performed on
107	.Fa cms .	102	.Fa cms .
108	The type of	103	There must be at least one signature on the data.
109	.Fa cms	104	If the content is detached,
110	must be SignedData.
111	There must be at least one signature on the data and if the content is
112	detached;
113	.Fa indata	105	.Fa indata
114	cannot be	106	cannot be
115	.Dv NULL .	107	.Dv NULL .
@@ -126,7 +118,8 @@ If any signing certificate cannot be located, the operation fails.
126	.Pp	118	.Pp
127	Each signing certificate is chain verified using the	119	Each signing certificate is chain verified using the
128	.Sy smimesign	120	.Sy smimesign
129	purpose and the supplied trusted certificate store.	121	purpose and the supplied trusted certificate
		122	.Fa store .
130	Any internal certificates in the message are used as untrusted CAs.	123	Any internal certificates in the message are used as untrusted CAs.
131	If CRL checking is enabled in	124	If CRL checking is enabled in
132	.Fa store ,	125	.Fa store ,
@@ -142,9 +135,9 @@ and the signature is checked.
142	.Pp	135	.Pp
143	If all signatures verify correctly, then the function is successful.	136	If all signatures verify correctly, then the function is successful.
144	.Pp	137	.Pp
145	Any of the following flags (OR'ed together) can be passed in the	138	Any of the following
146	.Fa flags	139	.Fa flags
147	parameter to change the default verify behaviour:	140	(OR'ed together) can be passed to change the default verify behaviour:
148	.Bl -tag -width Ds	141	.Bl -tag -width Ds
149	.It Dv CMS_NOINTERN	142	.It Dv CMS_NOINTERN
150	Do not use the certificates in the message itself when	143	Do not use the certificates in the message itself when
@@ -156,7 +149,7 @@ parameter.
156	If CRL checking is enabled in	149	If CRL checking is enabled in
157	.Fa store ,	150	.Fa store ,
158	then any CRLs in the message itself are ignored.	151	then any CRLs in the message itself are ignored.
159	It Dv CMS_TEXT	152	.It Dv CMS_TEXT
160	MIME headers for type text/plain are deleted from the content.	153	MIME headers for type text/plain are deleted from the content.
161	If the content is not of type text/plain, an error is returned.	154	If the content is not of type text/plain, an error is returned.
162	.It Dv CMS_NO_SIGNER_CERT_VERIFY	155	.It Dv CMS_NO_SIGNER_CERT_VERIFY
@@ -199,7 +192,7 @@ However since the signing time is supplied by the signer it cannot be
199	trusted without additional evidence (such as a trusted timestamp).	192	trusted without additional evidence (such as a trusted timestamp).
200	.Sh RETURN VALUES	193	.Sh RETURN VALUES
201	.Fn CMS_verify	194	.Fn CMS_verify
202	returns 1 for a successful verification or zero if an error occurred.	195	returns 1 for a successful verification or 0 if an error occurred.
203	.Pp	196	.Pp
204	.Fn CMS_get0_signers	197	.Fn CMS_get0_signers
205	returns all signers or	198	returns all signers or
@@ -210,6 +203,9 @@ The error can be obtained from
210	.Xr ERR_get_error 3 .	203	.Xr ERR_get_error 3 .
211	.Sh SEE ALSO	204	.Sh SEE ALSO
212	.Xr CMS_sign 3	205	.Xr CMS_sign 3
		206	.Sh STANDARDS
		207	RFC 5652: Cryptographic Message Syntax (CMS),
		208	section 5.1: SignedData Type
213	.Sh HISTORY	209	.Sh HISTORY
214	These functions first appeared in OpenSSL 0.9.8h	210	These functions first appeared in OpenSSL 0.9.8h
215	and have been available since	211	and have been available since